Allow introspection of data sent to HPN endpoint. #428
Comments
Hi Andreas,

As you mentioned, we do not have a transparency dashboard like Cliqz, but there are already a few ways to inspect data being sent back. With the following steps, you can enable logging in HPN. It will allow you to see the message before it goes through the HPN protocol:

For Firefox:

The same command works for Ghostery in Chrome:

All messages will then be logged and you can inspect them. In addition, you can turn off encryption of the payload with this command:

In Cliqz, we send all messages through a 3rd party proxy to strip the sender's IP. That is why we had to add this layer of encryption on top, otherwise the proxy operators could see and modify your data. If it helps to improve the transparency, we could by default turn off this encryption layer if we are not sending through proxies. As said, that feature is only relevant to prevent a 3rd party (in the anonymization layer) from seeing the traffic. In the case of Ghostery, there is currently no reason to have it enabled.

I hope that helps you already. But please feel free to ask if you run into problems, or let me know if you have further technical questions.


Description
Ghostery seems to use elliptic-key cryptography to encrypt payloads that are sent to the HPN endpoint. This makes it very hard for users to detect if any sensitive information is being sent to the endpoint.
Expected Behavior
A way to see / understand what information is sent to the endpoint. Not allowing users to introspect browsing data that is collected with high frequency is not very privacy-friendly, as it makes claims of collecting data in a privacy-preserving way hard / impossible to verify for third parties / affected users.
Actual Behavior
Data was encrypted and cannot be introspected.
Proposed Implementation
Implement a mechanism similar to your privacy cockpit for Cliqz browser: https://cliqz.com/en/whycliqz/transparency#telemetry